Method for industrially changing the passwords of AIX/UNIX users

ABSTRACT

A method for industrially changing the passwords of users in an AIX/UNIX system including a plurality of stations. A system being managed by a system administrator located at one of the stations is able to change the passwords of at least a set of users. The method comprises the steps of building an initial program including a new password selected by the system administrator for replacing the current password of all users, compiling the initial program in order to obtain an executable program, transmitting the executable program to the stations, and executing in each station, the executable program in order to obtain an encrypted string corresponding to the new password, the encrypted string being specific to the stations wherein the executable program is executed.

FIELD OF THE INVENTION

[0001] The present invention relates to the management of users of AIX/UNIX stations and relates in particular to a method initialized by the system administrator for industrially changing the passwords of the AIX/UNIX users.

BACKGROUND

[0002] In an AIX/UNIX system, security is based on rights to access files and commands. Some of these files and commands are more protected than others, especially if they are very sensitive because they can corrupt the system, resulting in a loss of data for the users and applications.

[0003] Accordingly, any user has two forms of identification: a user name and a user ID. This enables a user to access some files and commands and to have limited rights such as “read”, “write” or “execute” applied to a file or a command, associated with the user ID. In addition to the user name and the user ID, each user has a password which is required to enter a file or a command to which he may access.

[0004] In an AIX/UNIX system, there is a super user, also named the “root”, who is the system administrator. He is associated with the user ID=0, which provides him with all system administrator functions. As any other user, the system administrator has a password which is disclosed with considerable care by providing “roles” which are authorizations that allow a user to execute functions normally executed by the “root” user.

[0005] It is said that the security of the system is no better than the weakest password, because once person has access to a user's account, it is possible for this person to exploit weaknesses in the system configuration and gain access to the root's account or mount a denial of service attack from the system.

[0006] There is a normal UNIX command to change a password. This command may be used by any user to change its own password or by the system administrator (“root”) to change any user's password. It is usually convenient for the system administrator to set an initial password for a new user in order to activate the new user's account. In such a case, the system administrator has to set up a connection (Telnet) to the station where is the user, and then he is prompted to enter a new password only known by himself.

[0007] Periodically, or when the system has been hacked, the security requires password changes for all the stations of the system. As mentionned above, changing a password implies a network connection for each password. During this connection, the system administrator must log as root user, enter the password command and then enter the new password twice for checking. The problem is that changing the passwords is a vast undertaking for the system administrator when there are several hundred AIX/UNIX users.

SUMMARY

[0008] Accordingly, an object of the invention is to provide a method for industrially changing the passwords of the users in a AIX/UNIX system without requiring set up of a connection and entry of a password command for each user.

[0009] The invention relates therefore to a method for industrially changing the passwords of users in an AIX/UNIX system including a plurality of stations, each station having at least one user, the system being managed by a system adminsitrator located at one of said stations and being able to change the passwords of at least a set of users. The method comprises the steps of building an initial program including a new password selected by the system administrator for replacing the current password of all users in the set of users, compiling the initial program containing the new password in order to obtain an executable program, transmitting the executable program to the stations, and executing in each station, the executable program in order to obtain an encrypted string corresponding to the new password, the encrypted string being specific to the stations wherein the executable program is executed.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010] The above and other objects, features and advantages of the invention will be better understood by reading the following more particular description of the invention in conjunction with the accompanying drawings wherein:

[0011]FIG. 1 is a schematic block-diagram representing an AIX/UNIX system wherein the method according to the invention can be implemented.

[0012]FIG. 2 is a flow chart representing the steps of the method according to the invention.

DETAILED DESCRIPTION

[0013] Referring to FIG. 1, an AIX/UNIX system wherein the invention can be implemented includes an Intranet network or the Internet network 10 to which are connected a plurality of stations 12, 14, 16, 18 and 20. Each of these stations includes one or several users. A system administrator in charge of managing and acting as the “root” (user ID=0) is in one the system stations, for example station 20. In the figure, the station 20 is connected to network 10 by means of a LAN 22, but it is clear than any one of the other stations 12, 14, 16 or 18 could also be connected to the network by means of a LAN. Note also that the system administrator could be in any one of the stations in the system.

[0014] Referring to FIG. 2, the method according to the invention consists first in selecting a new password by the system administrator at station 20 (step 30). Note that this password will be the same for all users, but this is not a disadvantage insofar as it is advisable for any user to enter a personal password once the password has been changed by the system administrator.

[0015] Then, an initial program is built (step 32), preferably in C language. Such a program includes a password file containing the password selected by the system administrator and a password routine which will enable the stations to encrypt the password. When the initial program has been built, it is compiled (step 34) to be transformed into an executable program which is in the form of a binary file.

[0016] Then, the executable program is transmitted to all the stations over the network (step 38), either directly if the network is a private network, or after being encrypted if the network is the Internet network (step 36). When received by a station, the executable program is executed (step 40) and the password contained in the password file is industrially encrypted (step 42) by using the password routine also contained in the password file. Note that the encryption is performed by using an encryption key which is specific to the station so that the password is transformed, in each station, into an encrypted string different for each station which is written in the password file where AIX/UNIX encrypted passwords are usually written. During the same time, the “last change date” is updated to the current date allowing the system to take the new password into account and to manage it according to the security rules set in the system. 

1. A method for changing the passwords of users in an AIX/UNIX system including a plurality of stations, each station having at least one user, said system being managed by a system administrator located at one of said stations and being able to change the passwords of at least a set of users amongst said users, said method comprising the steps of: building an initial program including a new password selected by said system administrator for replacing a current password of a plurality of users in said set of users; compiling said initial program in order to obtain an executable program; transmitting said executable program to said plurality of stations; and executing in each station, said executable program in order to obtain an encrypted string corresponding to said new password, said encrypted string being specific to the stations wherein said executable program is executed.
 2. The method according to claim 1, wherein said initial program includes a password file containing said selected password and a password routine to be used by each of said stations for which the passwords are to be changed in order to obtain said encrypted string.
 3. The method according to claim 2, wherein said encrypted string is obtained from said selected password by using an encryption key specific station.
 4. The method according to claim 3, wherein said encrypted string is written in a password file.
 5. The method according to claim 1, wherein said stations are connected to a network.
 6. The method according to claim 5, wherein said network is the Internet network.
 7. The method according to claim 6, further comprising the step of encrypting said executable program before transmitting said executable program over said Internet network to said stations. 